From 931027820e4dafabc78aff82af59f8c1c4bd3128 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Fri, 29 Jul 2022 09:12:32 +0000 Subject: net: rose: fix netdev reference changes Bernard reported that trying to unload rose module would lead to infamous messages: unregistered_netdevice: waiting for rose0 to become free. Usage count = xx This patch solves the issue, by making sure each socket referring to a netdevice holds a reference count on it, and properly releases it in rose_release(). rose_dev_first() is also fixed to take a device reference before leaving the rcu_read_locked section. Following patch will add ref_tracker annotations to ease future bug hunting. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Bernard Pidoux Signed-off-by: Eric Dumazet Tested-by: Bernard Pidoux Signed-off-by: Jakub Kicinski --- net/rose/af_rose.c | 11 +++++++++-- net/rose/rose_route.c | 2 ++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c index bf2d986a6bc3..a8e3ec800a9c 100644 --- a/net/rose/af_rose.c +++ b/net/rose/af_rose.c @@ -192,6 +192,7 @@ static void rose_kill_by_device(struct net_device *dev) rose_disconnect(s, ENETUNREACH, ROSE_OUT_OF_ORDER, 0); if (rose->neighbour) rose->neighbour->use--; + dev_put(rose->device); rose->device = NULL; } } @@ -592,6 +593,8 @@ static struct sock *rose_make_new(struct sock *osk) rose->idle = orose->idle; rose->defer = orose->defer; rose->device = orose->device; + if (rose->device) + dev_hold(rose->device); rose->qbitincl = orose->qbitincl; return sk; @@ -645,6 +648,7 @@ static int rose_release(struct socket *sock) break; } + dev_put(rose->device); sock->sk = NULL; release_sock(sk); sock_put(sk); @@ -721,7 +725,6 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le struct rose_sock *rose = rose_sk(sk); struct sockaddr_rose *addr = (struct sockaddr_rose *)uaddr; unsigned char cause, diagnostic; - struct net_device *dev; ax25_uid_assoc *user; int n, err = 0; @@ -778,9 +781,12 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le } if (sock_flag(sk, SOCK_ZAPPED)) { /* Must bind first - autobinding in this may or may not work */ + struct net_device *dev; + sock_reset_flag(sk, SOCK_ZAPPED); - if ((dev = rose_dev_first()) == NULL) { + dev = rose_dev_first(); + if (!dev) { err = -ENETUNREACH; goto out_release; } @@ -788,6 +794,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le user = ax25_findbyuid(current_euid()); if (!user) { err = -EINVAL; + dev_put(dev); goto out_release; } diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c index eb0b8197ac82..fee772b4637c 100644 --- a/net/rose/rose_route.c +++ b/net/rose/rose_route.c @@ -615,6 +615,8 @@ struct net_device *rose_dev_first(void) if (first == NULL || strncmp(dev->name, first->name, 3) < 0) first = dev; } + if (first) + dev_hold(first); rcu_read_unlock(); return first; -- cgit v1.2.3 From 2df91e397d85cd4c5206ab48d4e398e338db02d7 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Fri, 29 Jul 2022 09:12:33 +0000 Subject: net: rose: add netdev ref tracker to 'struct rose_sock' This will help debugging netdevice refcount problems with CONFIG_NET_DEV_REFCNT_TRACKER=y Signed-off-by: Eric Dumazet Cc: Tested-by: Bernard Pidoux Signed-off-by: Jakub Kicinski --- include/net/rose.h | 3 ++- net/rose/af_rose.c | 12 +++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/include/net/rose.h b/include/net/rose.h index f192a64ddef2..23267b4efcfa 100644 --- a/include/net/rose.h +++ b/include/net/rose.h @@ -132,7 +132,8 @@ struct rose_sock { ax25_address source_digis[ROSE_MAX_DIGIS]; ax25_address dest_digis[ROSE_MAX_DIGIS]; struct rose_neigh *neighbour; - struct net_device *device; + struct net_device *device; + netdevice_tracker dev_tracker; unsigned int lci, rand; unsigned char state, condition, qbitincl, defer; unsigned char cause, diagnostic; diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c index a8e3ec800a9c..36fefc3957d7 100644 --- a/net/rose/af_rose.c +++ b/net/rose/af_rose.c @@ -192,7 +192,7 @@ static void rose_kill_by_device(struct net_device *dev) rose_disconnect(s, ENETUNREACH, ROSE_OUT_OF_ORDER, 0); if (rose->neighbour) rose->neighbour->use--; - dev_put(rose->device); + netdev_put(rose->device, &rose->dev_tracker); rose->device = NULL; } } @@ -594,7 +594,7 @@ static struct sock *rose_make_new(struct sock *osk) rose->defer = orose->defer; rose->device = orose->device; if (rose->device) - dev_hold(rose->device); + netdev_hold(rose->device, &rose->dev_tracker, GFP_ATOMIC); rose->qbitincl = orose->qbitincl; return sk; @@ -648,7 +648,7 @@ static int rose_release(struct socket *sock) break; } - dev_put(rose->device); + netdev_put(rose->device, &rose->dev_tracker); sock->sk = NULL; release_sock(sk); sock_put(sk); @@ -700,6 +700,7 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) rose->source_addr = addr->srose_addr; rose->device = dev; + netdev_tracker_alloc(rose->device, &rose->dev_tracker, GFP_KERNEL); rose->source_ndigis = addr->srose_ndigis; if (addr_len == sizeof(struct full_sockaddr_rose)) { @@ -801,6 +802,8 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le memcpy(&rose->source_addr, dev->dev_addr, ROSE_ADDR_LEN); rose->source_call = user->call; rose->device = dev; + netdev_tracker_alloc(rose->device, &rose->dev_tracker, + GFP_KERNEL); ax25_uid_put(user); rose_insert_socket(sk); /* Finish the bind */ @@ -1024,6 +1027,9 @@ int rose_rx_call_request(struct sk_buff *skb, struct net_device *dev, struct ros make_rose->source_digis[n] = facilities.source_digis[n]; make_rose->neighbour = neigh; make_rose->device = dev; + /* Caller got a reference for us. */ + netdev_tracker_alloc(make_rose->device, &make_rose->dev_tracker, + GFP_ATOMIC); make_rose->facilities = facilities; make_rose->neighbour->use++; -- cgit v1.2.3